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IN THE CLAIMS 

Upon entry of the present response, the status of the claims will be as is shown below. 
This listing of claims replaces all previous versions and listings of claims in the present 
application: 

1-33 (Cancelled) 

34. (Currently Amended) A method for protecting a file svstem4ft on a server computer, 
wh e r e in a us e r having an acc e ss authority for a fil e can access th e file syst e m in the comput e r, 
the method comprising: 

generating a system security manager's digital signature-keys key pair and certificate; 

storing the system security manager's certificate onto a security kernel of an operating 
system on-a the server computer based upon a digital signature of the system security manager; 

generating a user's digital signature-key s key pair and a user's certificate signed using a 
secret key of the system security manager's digital signature key pair ; 

setting an access authority of the file system for the user's digital signatur e k e ys and 
certificate; 

identifying a user through a digital signature-based authentication using the system 
security manager's certificate and the user's certificate, when the user attempts to access the file 
system on the server computer ; and 

granting the user access authority for-thea file in accordance with the access authority of 
the file system set for the user's certificate only when the identifying is successful an id e ntifying 
r e sult . 

35. (Previously Presented) The method as recited in claim 34, further comprising: 
performing a user registering/deleting process when the user is identified as the system 

security manager. 
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36. (Previously Presented) The method as recited in claim 34, further comprising: 
setting the access authority of the file system when the user is identified as the system 

security manager. 

37. (Previously Presented) The method as recited in claim 34, further comprising: 
accessing and processing a file. 

38. (Currently Amended) The method as recited in claim 34, wherein generating the 
system security manager's digital signature-key s key pair and certificate comprises: 

generating-the a public key of the system security manager' s-publie digital signature key 

pair; 

generating the secret key of the system security manager' snseere t digital signature key 
pair ; and 

generating the system security manager's certificate. 

39. (Currently Amended) The method as recited in claim 34, wherein identifying the 
user through a digital signature-based authentication comprises: 

generating, at-a the server computer, random numbers; 
generating a digital signature to the random number; 

extracting4he a public key of the system security manager' s-pubti e digital signature key 
pair from the system security manager's certificate stored on the security kernel; 

verifying the user's certificate using the extracted system security manager's public key; 

extracting-the a public key of the user's-pubtie digital signature key pair and the access 
authority in the user's certificate; and 
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verifying the digital signature to the random number. 

40. (Previously Presented) The method as recited in claim 34, wherein granting the user 
the access authority comprises: 

providing the user with the access authority to the file system when the user is a general 
user; and 

providing the user with registering/deleting authority, file system access setting authority 
and the file system access authority. 

41. (Previously Presented) The method as recited in claim 35, wherein performing the 
user registering/deleting process comprises: 

determining whether user registration or deletion is selected; 

deleting data related to a user to be deleted when the user deletion is selected; 

registering a user when the user registration is selected; 

wherein registering the user comprises: 

providing the user to be registered with the access authority; 

generating a secret key and a public key of the user to be registered; 

generating a certificate of the user to be registered; 

encrypting and storing the secret key of the user to be registered; and 

storing the certificate of the user to be registered. 

42. (Previously Presented) The method as recited in claim 41, wherein the certificate of 
the user to be registered is generated by encrypting the access authority and the user's public 
key. 
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43. (Previously Presented) The method as recited in claim 36, wherein setting the access 
authority comprises: 

selecting a file; 

selecting a user allowed to access the file; and 

setting the access authority to the file as an access authority of the user. 

44. (Previously Presented) The method as recited in claim 37, wherein accessing and 
processing the file comprises: 

receiving a name of a file to be accessed; 

determining whether an access authority of the file to be accessed is equal to that of the 
system security manager; 

permitting the file to be accessed when the access authority of the file to be accessed is 
equal to that of the system security manager; 

determining whether the access authority of the file to be accessed is equal to that of the 
user trying to access thereto; and 

permitting the file to be accessed when the access authority of the file to be accessed is 
equal to that of the user trying to access thereto. 

45. (Currently Amended) An apparatus for protecting a file system4n on a server 
computer syst e m, wh e r e in a us e r having a fil e acc e ss authority can access th e fil e system in th e 
comput e r system , the apparatus comprising: 

a generator that generates a system security manager's digital signature-keys key pair and 
certificate; 
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a storage that stores the system security manager's certificate onto a security kernel of an 
operating system on- a the server computer based upon a digital signature of the system security 
manager; 

a generator that generates a user's digital signature-keys key pair and a user's certificate 
signed using a secret key of the system security manager's digital signature key pair ; 

an access setter that sets an access authority of the file system for the user's digital 
signatur e k e ys and certificate; 

an identifier that identifies a user through a digital signatur e signature-based 
authentication using the system security manager's certificate and the user's certificate, when the 
user tries to access the file system on the server computer ; and 

an authorizer that grants the user-tke access authority for4he_a file in accordance with the 
access authority of the file system set for the user's certificate only when the identifying is 
successful an id e ntification r e sult . 

46. (Previously Presented) The apparatus as recited in claim 45, further comprising: 
a registrar/deleter that performs a registration/deletion of the user when the user is 

identified as the system security manager. 

47. (Previously Presented) The apparatus as recited in claim 45, further comprising: 

an access setter that sets the access authority of the file system when the user is identified 
as the system security manager. 

48. (Previously Presented) The apparatus as recited in claim 45, further comprising: 
an accessor that accesses a file and a processor that processes the file. 
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49. (Currently Amended) The apparatus as recited in claim 45, wherein the generator 
that generates the system security manager's digital signature-keys key pair and system security 
manager's certificate comprises: 

a generator that generates a public key of the system security manager' s-publi e digital 
signature key pair; 

a generator that generates- a the secret key of the system security manager' s-seefe t digital 
signature key pair ; and 

a generator that generates a system security manager's certificate. 

50. (Currently Amended) The apparatus as recited in claim 45, wherein the identifier 
comprises: 

a generator that generates, at- a the server computer, random numbers; 

a generator that generates a digital signature to the random number; 

an extractor that extracts a public key of the system security manager' s-publie digital 
signature key pair from a system security manager's certificate stored on the security kernel; 

a verifier that verifies a user's certificate using the extracted system security manager's 
public key; 

an extractor that extracts a public key of the user' s-pablie digital signature key pair and 
the access authority in the user's certificate; and 

a verifier that verifies the digital signature to the random number. 

5 1 . (Previously Presented) The apparatus as recited in claim 45, wherein the authorizer 
comprises: 

a provider that provides the user with the file system access authority to the file system 
when the user is a general user; and 
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a provider that provides the user with registering/deleting authority, file system access 
setting authority and the file system access authority. 

52. (Previously Presented) The apparatus as recited in claim 46, wherein the 
registrar/deleter comprises: 

a determiner that determines whether user registration or deletion is selected; 
a deleter that deletes data related to a user to be deleted when the user deletion is 
selected; 

a registrar that registers a user when the user registration is selected; 
wherein the registrar comprises: 

a provider that provides the user to be registered with the access authority; 
a generator that generates a user's secret key and public key to be registered; 
a generator that generates a user's certificate to be registered; 

an encrypter that encrypts the user's secret key to be registered and a storage that stores 
the user's secret key to be registered; and 

a storage that stores the user's certificate to be registered. 

53. (Previously Presented) The apparatus as recited in claim 52, wherein the user's 
certificate is generated by encrypting the access authority of the user and user's public key. 

54. (Previously Presented) The apparatus as recited in claim 47, wherein the access setter 
includes: 

a selector that selects a file; 

a selector that selects a user allowed to access the file; and 

an access setter that sets the access authority to the file as an access authority of the user. 
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55. (Previously Presented) The apparatus as recited in claim 48, wherein the accessor 
and processor comprise: 

a receiver that receives a name of a file to be accessed; 

a determiner that determines whether an access authority of the file to be accessed is 
equal to that of the security manager; 

a permitter that permits the file to be accessed when the access authority of the file to be 
accessed is equal to that of the security manager; 

a determiner that determines whether the access authority of the file to be accessed is 
equal to that of the user trying to access thereto; and 

a permitter that permits the file to be accessed when the access authority of the file to be 
accessed is equal to that of the user trying to access thereto. 

56. (Currently Amended) A computer readable media storing instructions for executing 
a method for protecting a file svstem4n on a server computer , wh e r e in a us e r having an acc e ss 
authority for a fil e can acc e ss th e fil e syst e m in th e comput e r , the computer readable medium 
comprising: 

a first generating code segment that generates a system security manager's digital 
signature-key s key pair and certificate; 

a storing code segment that stores a system security manager's certificate onto a security 
kernel of an operating system on-a the server computer based upon a digital signature of the 
system security manager; 

a second generating code segment that generates a user's digital signature-keys key pair 
and a user's certificate signed using a secret key of the system security manager's digital 
signature key pair ; 

{P21705 00208809.DOC} 

9 



P21705.A08 

an access setting code segment that sets an access authority of the file system for the 
user's digital signatur e k e ys and certificate; 

a user identifying code segment that id e ntifying identifies a user through a digital 
signature-based authentication using the system security manager's certificate and the user's 
certificate, when the user tries to access the file system on the server computer ; and 

an access granting code segment that grants the user4he access authority for4he_a file in 
accordance with the access authority of the file system set for the user's certificate only when the 
identifying is successful an id e ntification r e sult . 

57. (Previously Presented) The computer readable media as recited in claim 56, further 
comprising: 

a registering/deleting code segment that performs a user registering/deleting process 
when the user is identified as the system security manager. 

58. (Previously Presented) The computer readable media as recited in claim 56, further 
comprising: 

an access setting code segment that sets the access authority of the file system when the 
user is identified as the system security manager. 

59. (Previously Presented) The computer readable media as recited in claim 56, further 
comprising: 

an accessing code segment that accesses a file and a processing code segment that 
processes a file. 



{P21705 00208809.DOC) 

10 



P21705.A08 

60. (Currently Amended) The computer readable media as recited in claim 56, the first 
generating code segment comprising: 

a public key generating code segment that generates a public key of the system security 
manager' s-pubti e digital signature key pair; 

a secret key generating code segment that generates- a the secret key of the system 
security manager' s-seere t digital signature key pair; and 

a certificate generating code segment that generates a system security manager's 
certificate. 

61. (Currently Amended) The computer readable media as recited in claim 56, the user 
identifying code segment comprising: 

a random number generating code segment that generates, at-a the server computer, 
random numbers; 

a digital signature generating code segment that generates a digital signature to the 
random number; 

a public key extracting code segment that extracts a public key of the system security 
manager' s-publie digital signature key pair from the system security manager's certificate stored 
on the security kernel; 

a certificate verifying code segment that verifies a user's certificate using the extracted 
system security manager's public key; 

a public key and access authority extracting code segment that extracts a public key of 
the user's-pubBe digital signature key pair and the access authority in the user's certificate; and 

a signature verifying code segment that verifies the digital signature to the random 
number. 
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62. (Previously Presented) The computer readable media as recited in claim 56, wherein 
the access granting code segment comprises: 

an access authorizing code segment that provides the user with the file system access 
authority to the file system when the user is a general user; and 

a registering/deleting authority code segment that providing the user with 
registering/deleting authority, file system access setting authority and the file system access 
authority. 

63. (Previously Presented) The method as recited in claim 57, wherein the 
registering/deleting code segment comprises: 

a determining code segment that determines whether user registration or deletion is 
selected; 

a deleting code segment that deletes data related to a user to be deleted when the user 
deletion is selected; 

a registering code segment that registers a user when the user registration is selected; 
wherein the registering code segment comprises: 

an access authorizing code segment that providing the user to be registered with the 
access authority; 

a user key generating code segment that generates a secret key and a public key of the 
user to be registered; 

a certificate generating code segment that generates a certificate of the user to be 
registered; 

an encrypting and storing code segment that encrypts and stores the secret key of the user 
to be registered; and 

a storing code segment that stores the certificate of the user to be registered. 
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64. (Previously Presented) The computer readable media as recited in claim 63, wherein 
the certificate is generated by encrypting the access authority and user's public key. 

65. (Previously Presented) The computer readable media as recited in claim 58, wherein 
the access setting code segment comprises: 

a file selecting code segment that selects a file; 

a user selecting code segment that select a user allowed to access the file; and 
an access authority setting code segment that sets the access authority to the file as an 
access authority of the user. 

66. (Previously Presented) The computer readable media as recited in claim 59, wherein 
the accessing and processing code segment comprises: 

a name receiving code segment that receives a name of a file to be accessed; 

a first access determining code segment that determines whether an access authority of 
the file to be accessed is equal to that of the system security manager; 

a permitting code segment that permits the file to be accessed when the access authority 
of the file to be accessed is equal to that of the system security manager; 

an second access determining code segment that determines whether an access authority 
of the file to be accessed is equal to that of the user trying to access the file; and 

an access permitting code segment that permits the file to be accessed when the access 
authority of the file to be accessed is equal to that of the user trying to access the file. 
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